none
WCF gives intermittent 401 errors RRS feed

  • Question

  • Hi all,

    First off, I am very new to WCF services.

    I have a WCF service running in IIS. Windows, ASP.NET Impersonation, and Anonymous are enabled in IIS then specific users are set in the web.config, the rest are denied access.

    The web service has a couple functions. They are called by button click events on a windows form on a client machine.

    Most of the time it works. But then it will just stop working.

    A couple of the buttons will start returning 401 unauthorized errors. One button will just crash with an unhandled exception of object reference not set to an isntance of an object.

    Why do I get an unhandled exception when the entire code contents of the button click are in a Try Catch block?

    Once I get these errors I have to reinstall the windows form. It's like something gets corrupted and needs a reinstall.

    Any other ideas for trouble shooting?

    Thanks in advance.


    Rowena

    Thursday, January 17, 2013 9:39 PM

All replies

  • One thing I notice in Fiddler... When it's successful, I get the usual pattern of 401/200 results. When it fails, I get the 401 with obviously no subsequent 200. But the headers of the 401s are different. I have no idea what this means?

    Sucessful Header:

    POST http://ServerName/ServiceName.svc HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.296)
    Content-Type: text/xml; charset=utf-8
    SOAPAction: "http://tempuri.org/IServiceName/FunctionName"
    Authorization: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAA.....
    Host: ServerName
    Content-Length: 0

    HTTP/1.1 401 Unauthorized
    Content-Type: text/html; charset=us-ascii
    Server: Microsoft-HTTPAPI/2.0
    WWW-Authenticate: Negotiate TlRMTVNTUAACAAAACAAIADgAAAAVgoniJ4NiXNGbzTYAAAAAAA.....
    Date: Thu, 17 Jan 2013 19:30:50 GMT
    Content-Length: 341
    Proxy-Support: Session-Based-Authentication

    Unsuccessful Header:

    POST http://ServerName/ServiceName.svc HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 4.0.30319.296)
    Content-Type: text/xml; charset=utf-8
    SOAPAction: "http://tempuri.org/IServiceName/FunctionName"
    Host: ServerName
    Content-Length: 309
    Expect: 100-continue
    Connection: Keep-Alive

    HTTP/1.1 401 Unauthorized
    Cache-Control: private
    Content-Type: text/html
    Server: Microsoft-IIS/7.5
    X-AspNet-Version: 4.0.30319
    WWW-Authenticate: Negotiate
    WWW-Authenticate: NTLM
    X-Powered-By: ASP.NET
    Date: Thu, 17 Jan 2013 19:52:30 GMT
    Content-Length: 1293
    Proxy-Support: Session-Based-Authentication


    Rowena

    Thursday, January 17, 2013 10:01 PM
  • Hi,

    >>The web service has a couple functions. They are called by button click events on a windows form on a client machine.

    To troubleshoot the issue, please provide more information about the service. I'd suggest you enable tracing for your service to get actual error details.

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Friday, January 18, 2013 12:03 PM
    Moderator
  • Hi Haixia,

    Thanks for the response.

    The service is pretty basic right now to test things out. I have one function that returns the Windows Identity as a string and another function that does a select on a database and returns the record count as an integer, just to test database permissions.

    I have set up tracing as you suggested, I think I have introduced errors from misconfiguration of the web.config so I will get back to you on that.

    Thanks,

    Rowena


    Rowena

    Tuesday, January 22, 2013 12:24 AM
  • Hi,

    >>Most of the time it works. But then it will just stop working.

    >>Once I get these errors I have to reinstall the windows form. It's like something gets corrupted and needs a reinstall.

    Can you explain these more clearly?

    In addition, below is a post about 401 intermittent error, please check if it can help you to solve the issue.

    http://aadhoc.blogspot.com/2010/01/wcf-service-401-intermittent-error.html

    If it cannot help you, please provide more information of how do you host the service and how to call the service from the windows form app, and the core code config of the service and client. 

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, January 22, 2013 6:55 AM
    Moderator
  • Thank you!

    The article you provided seems to offer the solution and changing aspNetCompatibilityEnabled to False fixes the problem.

    Unfortunately now the client doesn't seem to pass the Windows identity to the server.

    Are there any other solutions to the problem where the IIS service becomes idle for too long?

    This is the service:

    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)] public class Service : IBuildingPermitsService { public string GetData(int value) { try { String sIdentity = System.Security.Principal.WindowsIdentity.GetCurrent().Name; return string.Format(sIdentity); } catch (Exception e) { string s; s = e.Message; return s; } }

    }

    This is the client code:

        Private Sub btnSyncWebserviceTest_Click(sender As System.Object, e As System.EventArgs) Handles btnSyncWebserviceTest.Click
            Try
                Dim ProxyBuildingPermitsWCFServiceClient As New BuildingPermitsService.Service
                ProxyBuildingPermitsWCFServiceClient.Url = m_sBuildingPermitService
                ProxyBuildingPermitsWCFServiceClient.Credentials = System.Net.CredentialCache.DefaultCredentials
                ProxyBuildingPermitsWCFServiceClient.PreAuthenticate = True
    
                Dim sResult As String
                sResult = ProxyBuildingPermitsWCFServiceClient.GetData(2, True)
                MsgBox(sResult)
    
                ProxyBuildingPermitsWCFServiceClient.Dispose()
            Catch ex As FaultException
                ' only if a fault contract was specified 
                ' any other faults 
                MsgBox(ex.Message & vbNewLine & ex.InnerException.ToString)
            Catch ex As CommunicationException
                ' any communication errors? 
                MsgBox(ex.Message & vbNewLine & ex.InnerException.ToString)
            Catch ex As Exception
                MsgBox(ex.Message & vbNewLine & ex.InnerException.ToString)
            End Try
        End Sub
    


    Rowena

    Tuesday, January 22, 2013 5:48 PM
  • Hi,

    >>Unfortunately now the client doesn't seem to pass the Windows identity to the server.

    What is the error?

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, January 23, 2013 9:48 AM
    Moderator
  • There is no error. When I call the GetData() function above it returns the IIS user "IIS APPPOOL\DefaultAppPool". Before it was the windows user,

    String sIdentity = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    return string.Format(sIdentity);

    A bit more background...

    I created the WCF service. I want it to require Windows Authentication, so I disabled Anonymous in IIS, and enabled Windows. When I tried to view the service it told me it required anonymous access. So I enabled anonymous access in IIS, and set the authorization in the web config. It was still allowing anonymous access until I set aspNetCompatibilityEnabled="true". Now the authentication works as it should, but it experiences the time out issue. This is my webconfig:

    <?xml version="1.0"?>
    <configuration>
      <system.web>
        <compilation debug="true" targetFramework="4.0" />
        <customErrors mode="Off" />
        <authorization>
          <allow users="DomainName\UserName"/>
          <deny users="*"/>
          <deny users="?"/>
        </authorization>
        <authentication mode="Windows" />
        <identity impersonate="true"/>
      </system.web>
      <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
      </system.webServer>
      <system.serviceModel>
        <behaviors>
          <serviceBehaviors>
            <behavior name="serviceBehaviorsName">
              <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
              <serviceMetadata httpGetEnabled="true" />
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
      </system.webServer>
    </configuration>

    Thanks,

    Rowena





    • Edited by Rowena2 Wednesday, January 23, 2013 11:00 PM
    Wednesday, January 23, 2013 4:26 PM
  • Hi Haixia,

    Have you had a chance to look at this?

    Thanks,

    Rowena


    Rowena

    Monday, January 28, 2013 4:51 PM
  • Hi,

    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Tuesday, January 29, 2013 1:20 AM
    Moderator
  • Hi Rowena,

    hope that you are doing good today.

    Did you try to capture WCF traces again to see if you can get anything out of it? Maybe that can help. Let me know and I can review the traces for you.

    Regards,

    Melissa-MSFT

    Wednesday, February 6, 2013 6:28 PM
  • I figured some things out... I had set my authentication in the wrong part of the web.config This is now my web.config:

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
      <system.web>
        <compilation debug="false" targetFramework="4.0" />
        <customErrors mode="Off" />
        <identity impersonate="true" />
        <authentication mode="Windows" />
      </system.web>
      <system.webServer>
        <validation validateIntegratedModeConfiguration="false" />
        <modules runAllManagedModulesForAllRequests="true" />
      </system.webServer>
      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="WinAuth">
              <security mode="Transport">
                <transport clientCredentialType="Windows" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <services>
          <service name="Service" behaviorConfiguration="serviceBehaviorsName">
            <endpoint address="" binding="basicHttpBinding" bindingConfiguration="WinAuth" contract="IBuildingPermitsService" />
            <!--host>
              <baseAddresses>
                <add baseAddress="https://" />
              </baseAddresses>
            </host-->
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="serviceBehaviorsName">
              <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
              <serviceMetadata httpsGetEnabled="true" httpGetEnabled="True"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
      </system.serviceModel>
    </configuration>

    I enabled Tracing as you suggested and I see an error: Failed to lookup a channel to receive an incoming message. Either the endpoint or the SOAP action was not found.


    Rowena

    Tuesday, February 12, 2013 10:58 PM
  • Hi Rowena,

    Can you share the traces with me? I would like to have a look at it.

    regards,

    Melissa-MSFT

    Monday, February 18, 2013 4:19 PM